definitions for UCS privileges

The documentation for UCSM lists all of the privileges you can use for creating Roles, but not what resources and permissions each one allows. For example:

Privilege | Description | Default Role Assignment
aaa | System security and AAA | AAA Administrator
admin | System administration | Administrator
ext-lan-config | External LAN configuration | Network Administrator
ext-lan-policy | External LAN policy | Network Administrator
server-maintenance | Server maintenance | Server Equipment Administrator

What I need to know is what each privilege provides in terms of access and perms - I really don't want to have to experiment for days to get a solid/safe role configuration.

Re: definitions for UCS privileges

Mark, the docs could be better in this regard. It's not too complex though: if you read the rest of the chapter, this section describes the object groups / parts of UCSM that the role applies to. I've added a bit to each just to make this more clear.

In practice, there should be very few people with access to UCS and in fact a new kind of role called a Data Center Engineer is useful who can manage this "big host" that is UCS and has Admin access.  You _could_ give the network guys access via the Network Admin role, same for Storage, but I find it easier for customers to simplify this and not have a legion of different roles doing their little bit - but I appreciate enterprise orgs can be complex :-)

Hope this helps!

AAA Administrator

Read-and-write access to users, roles, and AAA configuration. Read access to the rest of the system.

SC> This is the User part of the Admin tab


Complete read-and-write access to the entire system. The default admin account is assigned this role by default and it cannot be changed.

Network Administrator

Read-and-write access to fabric interconnect infrastructure and network security operations. Read access to the rest of the system.

SC> This is the FI Equipment and the LAN tab


Read-and-write access to systems logs, including the syslog servers, and faults. Read access to the rest of the system.


Read-only access to system configuration with no privileges to modify the system state.

Server Equipment Administrator

Read-and-write access to physical server related operations. Read access to the rest of the system.

SC> Equipment tab for Chassis

Server Profile Administrator

Read-and-write access to logical server related operations. Read access to the rest of the system.

SC> Server tab

Server Security Administrator

Read-and-write access to server security related operations. Read access to the rest of the system.

SC> Admin tab, server policies

Storage Administrator

Read-and-write access to storage operations. Read access to the rest of the system.

SC> SAN tab

Re: definitions for UCS privileges

A Cisco engineer sent me this doc - it answers the question in extreme detail. See attached.

This is a good document, but

This is a good document, but it's very old and many of the privileges that I can see in the UCS GUI nowadays are missing from the doc. Example: service-profile-ext-access.

According to Cisco UCS Manager CLI Configuration Guide, Release 2.2 there is supposed to be a detailed list at

But that link isn't working.